Dogfood of the new /kaizen command. 11 consumed, 1 kept open.
- SYSTEMATIZE → docs/testing/gotchas.md (apply:{tags} propagation, Molecule
tag-isolation testing, API/templating render-only gap); CLAUDE.md
(item['key'] loop convention, TF module required_providers); public_dns
README (Gandi null-MX workaround).
- CHANGE → extend the Stop hook to also guard the brainstorming spec-review gate
(verified: blocks the gate, passes meta-discussion).
- SYSTEMATIZE → make new-role scaffolds the access__/backup__ noqa reminder;
ADR-004 documents the cross-role-naming convention.
- ALREADY-BUILT/ACCEPTED → exec-menu guard verified firing; ADR-023; ADR-024;
subagent-faithfulness now embodied in the two-stage subagent review.
- KEEP-OPEN → a repo-scan.py check for ADRs that over-claim reconciliation.
Nudge: OVERDUE (13 signals) → ok (1). make lint + 16 friction-scan tests green.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
roles/
Local Ansible roles. No Galaxy roles — every role is written and maintained here
(ADR-003). Scaffold new ones with make new-role NAME=<name>; never create the
directory structure by hand.
Each role must have: a molecule/default/ scenario (Debian 13), a populated
README.md, and a filled-in meta/main.yml. Conventions: CLAUDE.md and
docs/runbooks/new-role.md.
Current state: base is partially built. Its firewall (nftables) and
hardening (SSH key-only + fail2ban) concerns are implemented and tested, and the
hardening concern is applied to askari; the remaining concerns (auditd, packages,
users) are not yet built. docker_host (Docker engine + Compose), reverse_proxy
(Caddy), public_dns (Gandi), and dev_env are built. See STATUS.md for the
authoritative breakdown.